Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

eldavojohn writes "After developing and using TaintDroid, several universities found that of 30 popular free Android apps, half were sharing GPS data and phone numbers with advertisers and remote servers. A few months ago, one app was sending phone numbers to a remote server in China but today the situation looks a lot more pervasive. In their paper (PDF), the researchers blasted Google saying 'Android's coarse grained access control provides insufficient protection against third-party applications seeking to collect sensitive data.' Google's response: 'Android has taken steps to inform users of this trust relationship and to limit the amount of trust a user must grant to any given application developer. We also provide developers with best practices about how to handle user data. We consistently advise users to only install apps they trust.'"

That's a list of the apps they studied, not a list of the apps which they found to be leaking private information. What I, and I suspect others are looking for is a table with the following headers: App Name, Publisher, Permissions, Leaked Information, version number.

The problem with the article is that they label apps as "suspicious" when they work as intended. Bump, for instance, is an information sharing app. It's designed to share your contact info (if you choose so) with other phones. I can't imagine it isn't one of the two apps that transmit the phone number, IMSI, etc., to the app's server, as that's how it's supposed to work.

Of course, Bump is also available for the iPhone through Apple's app store.

All this article shows is that Android security sucks. The whole popping up a dialog to ask the user for technical permissions system is fatally flawed, because most users don't understand and will just hit yes to proceed.

iPhone don't have the same degree of problem, because this kind of stuff will mean an app won't get into the App Store. Or if it manages to get through, it will be pulled rapidly once the security problem is discovered. That's one of the benefits of a single app store.

"One of the benefits of a single app store" -- like the single Android Market, you mean? You don't know how good Apple's security screening is, so you just choose to trust them for no reason whatsoever.

Indeed. It just offloads the problem on to someone else. I have no more reason to trust the guys at the App Store are going to be able to find sophisticated security holes. It's just another form of a false sense of security, with the added bonus that those bizarre Apple worshipers get to fit more snuggly into Jobs' uterus, believing themselves safe because their God and Protector wouldn't dare let anything nasty get through.

And I know that apps for them have remarkably free reign over when they can do, what data they have access to, and where they can send the data. And Apple really can't do much to police it, other than to pull the app [and I suppose possibly remotely delete/disable apps] if it is reported that an app is doing something wrong. Because they can really only do black-box testing, as they don't have access to your applications source code, what any a

There was a story on/. a couple of years ago about an iPhone app that sent the user's phone number back to the developer, and then he called them trying to sell the paid version. It is hardly a problem just limited to Android.

dialog to ask the user for technical permissions system is fatally flawed

understanding doesn't help me, not sure why it would help others. I think the flaw is it asks too late, and you can't block any of them to still use the App. IE I wanted a app to track car maintenance and MPG, I find the one that looks best, best reviewed... Now it comes up and says it wants phone, and internet access... Not needed for what I wanted, but what do I do now? Look for another, buy, install, and wait to see if it is worse?Would be nice if google also disclosed that in the app market before choosing, then maybe developers would explain what they used the connections for...

"We also provide developers with best practices about how to handle user data. We consistently advise users to only install apps they trust.'"

How exactly is one supposed to do this? What is the process for building trust vis-a-vis apps when the only protection you receive from your service provider is "don't walk into dark alleys you don't trust"?

Good question. I wanted to install a recipe application by a popular brand name company (although the idea of trust with said company might be a little shaky - their guacamole only contains 2% avocado or somesuch) but I didn't feel right because of the permissions required. This app is available for the iPhone, so I don't know if it comes with the same restrictions. I emailed them asking them why the app needs to know my phone's identity and contact data as well as location. They responded thinking that I h

which, incidentally, is what BlackBerry has. You can allow/deny each app permission to access your address book, calendar, internet connection, send SMS, open your mailbox, etc. I don't think even the iOS have that yet (or well, I think it does, but for GPS location only). An app must be prepared to get an "access denied" exception, and survive through it.

And for corporate users, an admin can even set your phone to not allow installation of custom programs, deny all requests to read the user's calendar/address book (except for a white-list of apps), etc, etc.

As an Android user I wish Android would copy this feature, and as a fan of superior technology, I wish BlackBerry could promote these security features more.

What's interesting is that if an Android app doesn't have permission an exception is raised, but you're taught to make sure to add the permission flag instead of catching the exception. (Which makes sense, because as it stands right now, if you don't set the flag you'll -never- get the permission). But if they had told you to catch the exceptions, applications would be ready for user-flippable permissions.

What's interesting is that if an Android app doesn't have permission an exception is raised, but you're taught to make sure to add the permission flag instead of catching the exception. (Which makes sense, because as it stands right now, if you don't set the flag you'll -never- get the permission). But if they had told you to catch the exceptions, applications would be ready for user-flippable permissions.

Exactly. Take Camera.open for instance. According to the javadocs...

Throws
RuntimeException if connection to the camera service fails (for example, if the camera is in use by another process).

What about a permission exception?!?!

No - instead they say - "If you want to use the camera, include this catch all crap!"
<uses-permission android:name="android.permission.CAMERA" / >
<uses-feature android:name="android.hardware.camera" / >
<uses-feature android:name="android.hardwa

As a user, I think it'd be great to have the ability to nuke privileges to certain functions that I don't think that the app should have. Inversely, I think as a developer this would be incredibly frustrating. Taking away the ability to perform functions that very well could be a core function of the app would cause no end of frustration to debug and fix. Plus, bad reviews and crashes relating to stupid permissions filtering just increases the support head-ache of releasing apps.

How much does the fact that the system/OS was created by Google, which is in the business of trying to mine as much personal data as it can? Is this misplaced trust just because they have a (now jaded) motto of 'do no evil'? People complain about privacy on Facebook while I am concerned more about Google. (Concerned because I can't really worry about something that is very difficult to do anything about by myself.)

Or, rather than not installing, shows a dialog or something that says, "We need ad revenue to continue supporting this application! Please enable location permission so we can provide ads and let you use this application for free. Or buy our paid version!" That way the user knows what they're getting into.

The issue with advertising (as I see it) is that there are actually a lot of small advertisers who are willing to pay for ad space, but only if it's relevant. For instance, I see ads for a local shop--that provides services as opposed to retail--in one app on my phone. You can bet that that shop owner would be unwilling to pay for ads that were going to be distributed nationally, because 99% of the people who see that ad aren't going to live close enough to use the service.

It is hard enough to know if I should trust my child, and I raised him. He doesn'ttell me much. App developers tell me less, and some of them are devious. This is nota good security model. And Google knows better.

"Android has taken steps to inform users of this trust relationship and to limit the amount of trust a user must grant to any given application developer. We also provide developers with best practices about how to handle user data. We consistently advise users to only install apps they trust." -- Google

What a bunch of fluff. The relevant developers don't care about "best practices" or any other voluntary standard. And how the f*** are users supposed to establish trust in certain apps? The platform does not significantly monitor an application's ongoing behavior, nor is anyone performing serious code-reviews or blackbox testing. Google COULD HAVE set up profiling tests similar to those run in TFA, but didn't.

For ONCE would a company please admit that they reduced privacy in order to provide the dumbed-down usability needed to capture market share and attract developers?

Rather than a blanket "you can send anything you want anywhere you want/you can send nothing to anywhere" switch, a finer-grained constrained set of permissions may be the way to go. Specifically:

Commonly-requested data such as location and phone number are sent through specific APIs that ONLY send the requested info, and cannot send any other data. This data is sent not directly to whatever server, but to servers at the network provider, and the app provider picks them up from the network provider. This prevents arbitrary data from being sent when the claim that it is only a specific piece of data, allows "bad" apps (defined by deception, prohibited use or incomplete disclosure) to be cut off at the network provider when discovered, and allows vetting of outgoing data to ensure it meets the claimed destination.

Transaction logs must be kept and be accessible to allow a user to see what's going out. Yes, most end users won't be able to make sense of the logs. But these logs could be uploaded to a security software provider for analysis, and the results presented in an understandable manner. "DroidGameApp: Microphone activated and streamed, GPS info, phone number sent to www.dhs.gov"

Information collection by ads should be governed by a different set of permissions than the app presenting the ads. Ad-supported apps are fine, but the user should know what ads are doing on the network independent of the app.

And if an app provider doesn't like the light shone on their activities... that's a pretty good indicator right there.

"Information collection by ads should be governed by a different set of permissions than the app presenting the ads. Ad-supported apps are fine, but the user should know what ads are doing on the network independent of the app."

I think that is the strategy of 'Google ads' being served through apps, but I'm not sure if they've actually done that yet. AdMob (which is now Google as well) definitely needs internet and possibly coarse location if the dev wants to allow for geo sensitive ads. It would be nice to

Android gives users and developers a lot more freedom than other alternatives - with that comes responsibility for both parties. If you want a platform where you are told what to, when to do it, and whom you can do it to get an iPhone.

When you incorporate advertising "services" and usage statistic tools into your apps, this is what happens. You get the convenience of "free" tools which make your life easier; either by automatically handling ad imprints (and earning you some money); or by providing you with app usage statistics -- or both.

On the surface you don't pay anything for these tools. They integrate nicely into your app, and you only have to add a few lines of code -- the essence of what good developer's tool should provide.

I don't get it, why is this being positioned as an Android problem? Last I checked, iPhone apps aren't even required to tell you what data they use in the first place -- is there an iPhone equivalent to the "uses internet access", "uses coarse location services" page that the Android Market displays to you? There's a ton of iPhone, Blackberry, Parlm, etc apps using advertising support, which is what the vast majority of this article is finger-pointing.

Nobody, at any marketplace service, is going to have time to do a code review of everything that gets submitted. Even console games -- which have a months-long and intensely painful approval process the likes of which you've never seen -- don't do code review. The very concept is ridiculous, there's way too much code and way too many people involved. You're going to have to trust your developers folks, and make use of the user-ratings tools if you don't.

Android's model of showing you what special access the software uses is about as good as I think you can get in the real world without learning to use a packet sniffer. RIM's ability to disable individual types of access is cool as well, but if the software needs it to function (or says it does) I'm not sure how the user is supposed to be in a position to use it intelligently. To avoid these sort of data harvesting problems, they'd have to somehow psychically know that the contact manager they're trying out uses that internet access for more than the occasional ad serve, and how would they know that?

When an iDevice app tries to read your location, it requires your permission to access that data. That's enforced by iOS, it's not an honor thing. The first time it tries to do so, iOS pops an alert saying "this app wants to access your location. Allow/Deny".

...is there an iPhone equivalent to the "uses internet access", "uses coarse location services" page that the Android Market displays to you?

Yes. Both systems use similar schemes for jailing apps, with user permissions for access to various services.

There's a ton of iPhone, Blackberry, Parlm, etc apps using advertising support, which is what the vast majority of this article is finger-pointing.

True, but most are transitioning to iAd, which divorces the advertiser and location services from one another such that it is not so much of privacy concern.. at least if you trust Apple to do what they say (as opposes to every app developer).

Nobody, at any marketplace service, is going to have time to do a code review of everything that gets submitted.

Well, they could if they put the resources into it. It might even be important enough to end users if malware becomes a real issue on mobile platforms. That s

But that's already what happens. The permissions list on an Android app isn't an honor system -- if the app tries to access your contacts list, and that permission isn't in the manifest, the app will throw and exception and fail. Fundamentally you can't use a permission without informing the user up-front when they purchase it.

Add Access Control Lists to the functions/API which grants access to personal data (such as email address, phone numbers/lists, browsing history, GPS location). Since it is an open platform, we can do this ourselves if we want. All applications which attempt to access such data will be verified against the ACL to see if it can receive such information. If the application is not on the ACL, then, the API returns either an error code (which requires the current applications to be recompiled...), or an empty r

The headline doesn't really match the contents of the paper as far as I can tell.For example, "Evernote" is listed in the paper for:1) Taking pictures with the camera2) Recording audio with the microphone3) Determining your locationAnd for transmitting this data to its servers.

These functions are, however, exactly what the application is designed for. You take notes (including snapshot notes and voice notes) and upload them to your account. When you launch the app, there are big buttons for "take a snapshot note" , "take an audio note", etc. Geo-tagging via the location APIs can be disabled from the Settings page, but this is another core advertised feature of the product.

So this is a bit like making it into Slashdot by discovering that a mail client transmits text that you type (and your email address!) to a mysterious "SMTP" server.Headline: "Researchers discover nefarious 'e-mail' application leaking your data... on the INTERNET!"

Personally, I think this is going to be a larger issue as time goes on. Right now, it's more of an annoyance with advertisers and marketing companies, but who's to say that in the near future some other companies don't start providing apps that track users for other reasons.

Could you imagine a company that provides location data for your ex-spouse, or perhaps girlfriend or boyfriend, or even your children? I know this is kind of tin-foil hat paranoia, but I think the recent problems with things like the Go

The last time this issue came up, I started sending emails to the developers of my apps challenging their need for permissions that don't seem to make sense. I got several replies that stated that the legitimate permission the developer needs is buried under overly broad packages.

For example, a battery monitor app needs to request access to "Phone Calls" to read the battery state.

With such granularity developers can't be responsibly specific and end users have no rational way to accept/reject apps based on

There's a Mac program called Little Snitch which tells you which apps are sending out data, and what kind, and where it's headed. Any idea if there's a similar program for Android?
I don't so much mind that some apps can do things they don't need to. But if users can identify which ones it would help a lot.

All apps have access to r/w your sdcard, and to get your identity (esn/imei/meid/phone number). Once you give an app permission to access the internet, your identity and sdcard contents are public.

Google needs to fix this. Don't believe me? Install a file manager app. Most won't ask for permission to access the sdcard, but they will be able to. Some permissions are granted without the app asking for it.

Are you sure? In the app I wrote I had to explicitly request access to these in the application's manifest file, or get an error.

As long as no "who" information is transmitted to the advertiser, it's not personal. It's just some unknown device at coordinates X,Y at time T. Add on a unique identifier, then it starts getting personal as they can start building a profile of person P.

AdMob uses the -coarse- sensitive location for ads when you want to serve up something thats location sensitive like 'Eat at McDonalds in "My City" at abc blvd.' but that's pretty much it. All they really need is the coarse location setting which gives a general approximation of where the individual is at in order to target ads for the best experience. That's is a location sensitive ad, and it was the choice of the app developer to allow it. The app developer wants more money from their ads, but its not lki

Not if they don't know who you are. You're not scared enough of being seen driving down the highway to hide your face and plates. Nor are most technical people so fearful of this that they'll bother to use a proxy to avoid IP and browser information to be revealed.

Raw GPS data in itself is pretty useless except to correlate similar coordinates. What can they do- send you an ad for a local pizzeria if it's dinnertime, or local entertainment otherwise? Big deal.

No, the problem is gold-rush developers. With a platform like the iPhone, or Android, you have a sudden perception among developers that they can get rich from relatively simple apps. This leads to the '200 fart apps' problem, and it also leads to a massive incentive to get things to market before the competition, which causes a complete lack of QA in the release process.

There is no simple solution to this, the only thing to do is wait for the platforms to mature.

it also leads to a massive incentive to get things to market before the competition, which causes a complete lack of QA in the release process.

In the iOS world any app can try to read the GPS but the user is presented with a dialog asking for permission to do so. If it's an annoyance you can turn apps' permissions on or off individually in the Location options.

This is the value of the App Store that geeks/developers consistently underrate. Apple's walled garden provides a barrier to entry that helps to reduce the risk of ending up with a fart app that's also downloading your private banking information to China.

Google's free-for-all Marketplace is a real risk to Android's long term success because it sets up Android phones to become the must-see destination for viruses, mal-ware, and other shady operations. How long do you think it's going to be before having an Android anti-virus application is a practical requirement? What the uber-geek sees as the positive benefits of the Android eco-system (freedom and unlimited choices) are in fact NEGATIVE attributes to most of the rest of the mobile phone consuming populace. It's sorta like Android is the Linux of mobile phones...oh wait.

I enjoyed the EVO vs. iPhone YouTube video as much as anyone but more than a funny rip on Apple, it's also a perfect demonstration of how a lot of the technical community doesn't get it. Android's popular because the iPhone is hard to get and it's a pretty respectable facsimile of an iPhone, not because it has more WIFIs and GBs than Apple. When rogue apps start to make Android painful to use and own expect consumers to start looking for The Next Big Thing (tm).

This is the value of the App Store that geeks/developers consistently underrate.

That's because a lot of geeks and developers don't need Apple to tell them what not to install, they're typically capable of figuring that out on their own. If a simple card game asks for fine-grain location information or full internet access, that should be a red flag to anyone paying attention.

Maybe it's just the case that Android is for "power users" and Apple is for everyone else, but the value that you see in Apple's store is simply not needed by a lot of the people who buy Android devices, and in fact becomes a negative.

Philosophically, the market is only fractionally made up of geeks and developers. Consumers are where the big bucks are. You then make a leap to conclude that "Android is for 'power users'" and Apple for everyone else.

Instead, TFA implies that google is saying caveat emptor, where Apple is at least trying to prevent surrepticious application behavior. Some people believe that this action embues a sense of trust. I'm not sure that I do, but others seem to feel so.

You then make a leap to conclude that "Android is for 'power users'" and Apple for everyone else.

No, I didn't conclude that. You can tell by the phrase "maybe it's just the case". That's one hypothesis for why Android users seem to favor an open market. I don't know what the actual reason or reasons are, so that's why I guessed.

I would expect Google to tell developers to show source, parse that source for obvious bad behavior, and act to prevent problems, be they memory leaks, Java cache loops, or mad-dialing behavior or attempts to use information they're not supposed to.

They can do that, but they can only do that on their own marketplace. It's fine if Google wants to vet apps, as long as they don't require that all apps that get installed need to have been vetted by Google. That's the negative part of the Apple model.

Then the added value of a Google store is simply as a money taker, and any subsequent Android app vendor unless they vet the code.

In my mind, the negative part of Apple's model is threefold: 1) Apple's hideous commission, 2) censorship without providing an adult marketplace, and 3) components of the vetting process that very highly restrict an application's behavior in a way that doesn't suit Apple, not the user's intention or desire.

Just throwing open a store and saying here are some great Android apps has

Eh - malicious devs aren't retarded. If you are going to write code that does something bad, you'll hide it in an app that would also need that level of access.

For example - if I want to write an app that will secretly send text messages from your own to a premium text service that will cost you $9.99 per text - I wouldn't stick it into a card game app. I'd stick it into an app that claims to do something novel or useful with text messages. Like an app that takes your boring text message and translates it into ebonics, or leet speak or whatever.

If you code it in such a way that, it won't send out the premium texts until after a particular date - say 3 months after you write it; if it's a half-way decent app, you'd have plenty of time to build a user base with decent ratings.

I don't doubt that you're right or that Android will continue to be popular with the technically savvy. The risk for Android is that it puts Linux's chaos and complexity front and center in the mobile phone market and ends up burning out customers because people are overwhelmed with choices and malware. (Is it the year of the Linux desktop yet?)

Let's face it: Apple doesn't police the App Store out of some Machiavellian power trip or pure altruism, they do it to protect their brand identity (and therefore their ability to demand a premium for their products). That it also happens to be a nice benefit for their customers is just a happy side-effect.

Google's abdicated this role in the Marketplace and I think that's dangerous for the long term viability of Android as a mobile platform. Google isn't acting like it believes it has to care, but it should.

If Nokia weren't so culturally opposed to anything they didn't invent themselves this would be a grand opportunity for them: adopt Android and build a walled garden for Android in the Apple style. A variety of cutting edge phones, with high end features, global support from multiple carrier partners AND a protected/policed app store? It would be a game changer for both Android and Nokia, but they'll never do it. (Look up in NIH syndrome and you'll get a redirect to Nokia's home page.)

Google's free-for-all Marketplace is a real risk to Android's long term success because it sets up Android phones to become the must-see destination for viruses, mal-ware, and other shady operations.

Yes, because Microsoft's free-for-all software development policies has really threatened it's long term success. All the viruses, mal-ware, and other shady operations are causing people to abandon the OS and move to other competing OSes. Oh wait, that's a complete crock. My bad. I guess free-for-all access to software isn't a threat to long term success, rather, it's a key to long term success. Hmm, go figure. It flies in the face of Apple-apologist common sense. Well distort my reality!

> When rogue apps start to make Android painful to use and own expect consumers to start looking for The Next Big Thing (tm).Yeah, it'll be like when everyone stopped using Windows and Microsoft was forced out of the OS busi....oh wait...

You can compare it to PC software. There is no regulating of what programs you are allowed to install or not.. this goes for linux and windows (i don't know mac). There are trusted vendors that emerge from the masses based on performance. The Android market is probably too new to produce "leaders" that people use as their goto software people. I enjoy the freedom of installing anything i want on my PC.. it should be the same for the phone. Why not?

This is the value of the App Store that geeks/developers consistently underrate. Apple's walled garden provides a barrier to entry that helps to reduce the risk of ending up with a fart app that's also downloading your private banking information to China.

This could also lead to a false sense of security, which is also massively underrated. Apple can't possibly catch all software flaws. Indeed iOS4 was jailbreaked by a vulnerability in PDF code, leading to a simple website visit to gain root access to your phone. Which was a little scary to think what might have happend if that vulnerbaility was in the hands of a malicious party.

Android won't need anti-virus because it is very robust security model. It is linux after all, which is largely virus and malware free. The design of the OS is even more robust than desktop linux. With the exception of rooted phones, viruses would find it very difficult to propogate let alone do any real damage.

The occasional malicious app that steals some userdata is about all that can go wrong. For now.

The value of the Apple App store is Apple has done some of the thinking for you. Unfortunately this means iOS users will install everything without ever stopping to consider security. This is dangerous to have a user base completely ignorant of security matters and Apple is demonstrably guilty of keeping it's users in the dark as much as possible. Androids prompt for permissions is a rather good way of making people stop and think about the app you are about to install, and I believe this kind of thing is the correct initial approach. User education is 90% of the problem with security on digital platforms.

In practice, both iOS and Android have problems with malware already, and it's hard to say one has more of a problem than the other. Frankly, neither approach to app security is ideal therefore both platforms will be constantly fighting malware. Android could do with a lot more quality control - at very least stop neglecting the market, the moderation system for comments and ratings needs updating. Nothing beats weeding out bad apps by a good feedback system.

The majority of the general cell phone using population is always going to be ignorant of security, and is always going to want someone else to deal with it.

iOS is also quite secure by design. It is based on a real UNIX that also has very few wild viruses. iOS has had a couple of bad remote exploits in it's existence, both of which were fixed pretty fast. Android (just like Linux and any other OS) has some too. Fixing them in Android might actually be problemmatic as many carriers seem to take the view that os upgrades are optional. Both systems are inherently as vulnerable to trojans as anything else. The difference is, Apple does a pretty thorough job of prescreening, and doesn't let you install pretty.scr that your friend emailed you. Google doesn't. And tossing your users out to look after their own security doesn't work. Otherwise Windows would be the safest OS.

Google is going to have to step up before something bad and widespread happens. If they don't, someone else, probably the carriers, will do it for them. And if you think Apple is repressive, you've clearly forgotten what (popular) cell phones were like before the iPhone.

One of the reasons that BB's are so popular with the corporate crowd - despite lacking some of the "nifty" features of other phones - is that they're really good on security. BES allows the corp to do a lot of things to a lost/stolen/etc phone. The data on the handset is supposed to be encrypted, and can easily be reset or wiped. Most apps have varying levels of security that *ASK* the first time (to access the internet, or whatever) whether they should be allowed a one-time or consistent access to various

It may just be sending some statistical data so the server can form better assumptions about the user and thus provide better service in the future. Or it may be sending such data for nefarious purposes. Without accessing the code, you can't know...

I don't see how access to the code is necessarily going to help you with that either, unless the developer commented their code with

// transmit personal info for nefarious purposes, MUHAHAHAHA!!!

How the data is used will be on the server side, and complete transparent to the end user.

I would like the option to restrict specific permissions at the application level. Currently when I'm about to install an application, I'm given a list of permissions the application is requesting where I can choose to either install the app, or not install if I don't agree with something. Now I know that this has the potential to break many applications or cause some problems if I have the ability to deny a specific permission, but it would be nice if this could be implemented somehow to give the user more

Location data based on IP address will not work on a cell phone. At least not on the Verizon network. I'm not sure how IP addresses are assigned by them, but it seems that they have blocks that are used to cover very wide areas. I live in the midwest, and the location for my IP regularly shows up as 2-3 states away. Provides for some fairly amusing "targeted" ads on occasion.

This is the same reason why I'm still running a version of Pandora from nearly a year ago, along with a couple other apps. I still get the annoying notification about having 3 updates ready to install, but I feel it's a small price to pay.

Given that the vast majority of their users will spends hours and hours using the fruits of their labor; they'll refuse to support it with funds. No matter how great they think it is.

That sense of entitlement pushes software devs to come up with creative ways to make money. Advertising is the go-to and if they can get more money using the GPS to make it targeted ads, of course they are going to try.

I'm sure nobody at Pandora is going to lose sleep because someone won't install their free app and use it, f

Even though we have seen applications that say they are flashlights actually enable Phone Tethering get to the App Store? If you really think Apple is going over these things that finely, you are crazy.

The main cost is your freedom to install some nice stuff because Apple does not merely filter based on purely user-loving reasons. All too often, they just don't like something for monetary, strategic or political reasons.

Oh and the fact that you need to jump through hoops for tethering? What the fuck? I press one button and my Desire is a hot-spot.